Hi,
I want to block DNS requests for the "isc.org" domain, which are being abused for a DDoS attack. I've created a filter rule:
/ip firewall filter
add action=drop chain=forward content="isc\03org" disabled=no dst-port=\
53 protocol=udp
But it does not work. If I create a similar rule without the \03org, it effectively blocks anything in the form "*isc*".
What is the syntax for the text matching in filter rules? Does it accept wildcards/regex in any way? DNS queries separate domain segments with ETX (0x03).
In the wiki I can only find:
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
content (string; Default: ) Match packets that contain specified text
Regards
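
Added example, not part of the original post and not MikroTik code: in DNS wire format (RFC 1035) each label of a name is preceded by a one-byte length, so the question name for isc.org is the byte sequence 03 69 73 63 03 6f 72 67 00. The Python sketch below builds constructed sample queries and compares a raw substring match with a match on the parsed question name; all function names are assumptions made for the illustration.

```python
import struct

def encode_qname(name: str) -> bytes:
    """Encode a name as length-prefixed DNS labels (RFC 1035, section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"  # zero-length root label ends the name

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed sample: 12-byte header plus one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)

def parse_qname(payload: bytes) -> str:
    """Return the first question name of a DNS UDP payload, lowercased."""
    pos, labels = 12, []  # the question section starts after the header
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63:
            raise ValueError("not a plain label")
        label = payload[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace").lower())
        pos += 1 + length

def is_blocked(payload: bytes, zone: str = "isc.org") -> bool:
    """True when the queried name is the zone or one of its subdomains."""
    try:
        qname = parse_qname(payload)
    except ValueError:
        return False  # unparseable payloads are left to other rules
    return qname == zone or qname.endswith("." + zone)

if __name__ == "__main__":
    print(encode_qname("isc.org").hex(" "))  # bytes a content match would see
    for name in ("isc.org", "www.ISC.org", "discovery.example.com", "xisc.org"):
        pkt = build_query(name)
        print(f"{name:24} substring 'isc': {b'isc' in pkt!s:5} "
              f"parsed match: {is_blocked(pkt)}")
```

DNS names compare case-insensitively, which is why the parsed name is lowercased before the comparison while the raw substring test is not.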